CVE-2016-10229
published 2017-04-04CVE-2016-10229: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
12.79%
95.8th percentile
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.5.1-1 (bookworm) | linux 4.5.1-1 (bookworm) |
| android | <= 7.1.1 | — | |
| android | — | — | |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 3.11 < 3.12.53 | 3.12.53 |
| linux | linux_kernel | >= 3.13 < 3.14.77 | 3.14.77 |
| linux | linux_kernel | >= 3.15 < 3.16.35 | 3.16.35 |
| linux | linux_kernel | >= 3.17 < 3.18.45 | 3.18.45 |
| linux | linux_kernel | >= 3.19 < 4.1.40 | 4.1.40 |
| linux | linux_kernel | >= 3.2 < 3.2.76 | 3.2.76 |
| linux | linux_kernel | >= 3.3 < 3.4.113 | 3.4.113 |
| linux | linux_kernel | >= 3.5 < 3.10.103 | 3.10.103 |
| linux | linux_kernel | >= 4.2 < 4.4.21 | 4.4.21 |
| paloalto | pan-os | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for exploitation attempts targeting the UDP recv() syscall with MSG_PEEK flag — the vulnerability is triggered by crafted UDP traffic that causes an unsafe second checksum calculation during a recv system call with MSG_PEEK set. ↗
- →For PAN-OS deployments, exploitation requires attacker access to the management network; restrict UDP-based access to the management plane and alert on unexpected UDP traffic originating from outside authorized management IP ranges. ↗
- →Successful exploitation may manifest as a kernel panic or memory corruption leading to privilege escalation — monitor kernel logs for unexpected panics or oops messages on Linux hosts running kernels before 4.5. ↗
- ·Red Hat Enterprise Linux 5 and 6 are NOT affected — the vulnerable code is absent from those kernel packages. ↗
- ·Red Hat Enterprise Linux 7, Red Hat Enterprise MRG 2, and realtime kernels are NOT affected — they already contain the fixed commit. ↗
- ·PAN-OS Data Plane is NOT affected; only the management plane (Linux kernel) is vulnerable. Affected PAN-OS versions: 6.1.17 and earlier, 7.0, 7.1.10 and earlier, 8.0.2 and earlier. ↗
- ·The upstream fix was committed during the Linux 4.5 kernel merge window (December 2015); any kernel >= 4.5 is not vulnerable. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Palo Alto
Kernel Vulnerability
vendor_paloalto·2017-06-19·CVSS 9.8
CVE-2016-10229 [CRITICAL] CWE-358 Kernel Vulnerability
Kernel Vulnerability
A vulnerability exists in the Linux kernel of PAN-OS that may result in Remote Code Execution. A vulnerability in the Linux kernel networking subsystem for UDP could enable an attacker to execute arbitrary code within the context of the kernel. The Data Plane (DP) of PAN-OS is not affected by this issue since it does not use the vulnerable Linux kernel code. (ref # PAN-77173 / CVE-2016-10229).
Successful exploitation of this issue requires an attacker to be on the management network.
This issue affects PAN-OS 6.1.17 and earlier, PAN-OS 7.0, PAN-OS 7.1.10 and earlier, PAN-OS 8.0.2 and earlier
Affected products: PAN-OS
Solution: PAN-OS 6.1.18 and later, PAN-OS 7.1.11 and later, PAN-OS 8.0.3 and later
Workaround: Palo Alto Networks recommends to implement best practi
Android
CVE-2016-10229: Android Security Bulletin 2017-04-01
CVE: CVE-2016-10229
Severity: CRITICAL
References: A-32813456
Upstream kernel
vendor_android·2017-04-01·CVSS 9.8
CVE-2016-10229 [CRITICAL] CVE-2016-10229: Android Security Bulletin 2017-04-01
CVE: CVE-2016-10229
Severity: CRITICAL
References: A-32813456
Upstream kernel
Android Security Bulletin 2017-04-01
CVE: CVE-2016-10229
Severity: CRITICAL
References: A-32813456
Upstream kernel
Debian
CVE-2016-10229: linux - udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrar...
vendor_debian·2016·CVSS 9.8
CVE-2016-10229 [CRITICAL] CVE-2016-10229: linux - udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrar...
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
Scope: local
bookworm: resolved (fixed in 4.5.1-1)
bullseye: resolved (fixed in 4.5.1-1)
forky: resolved (fixed in 4.5.1-1)
sid: resolved (fixed in 4.5.1-1)
trixie: resolved (fixed in 4.5.1-1)
Red Hat
kernel: net: Unsafe second checksum calculation in udp.c
vendor_redhat·2015-12-30·CVSS 9.8
CVE-2016-10229 [CRITICAL] CWE-662 kernel: net: Unsafe second checksum calculation in udp.c
kernel: net: Unsafe second checksum calculation in udp.c
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memory corruption leading to privilege escalation.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code that introduced the flaw is not present in these products.
This issue does not affect the Linux kernel packages as sh
GHSA
GHSA-gm6m-fgmp-cp9x: udp
ghsa_unreviewed·2022-05-17
CVE-2016-10229 [CRITICAL] CWE-358 GHSA-gm6m-fgmp-cp9x: udp
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
OSV
CVE-2016-10229: udp
osv·2017-04-04·CVSS 9.8
CVE-2016-10229 [CRITICAL] CVE-2016-10229: udp
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-10229 kernel: net: Unsafe second checksum calculation in udp.c [fedora-all]
bugzilla·2017-04-10·CVSS 9.8
CVE-2016-10229 [CRITICAL] CVE-2016-10229 kernel: net: Unsafe second checksum calculation in udp.c [fedora-all]
CVE-2016-10229 kernel: net: Unsafe second checksum calculation in udp.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2016-10229 kernel: net: Unsafe second checksum calculation in udp.c
bugzilla·2017-04-06·CVSS 9.8
CVE-2016-10229 [CRITICAL] CVE-2016-10229 kernel: net: Unsafe second checksum calculation in udp.c
CVE-2016-10229 kernel: net: Unsafe second checksum calculation in udp.c
A flaw was found in the Linux kernel which allows remote attackers to crash the system or corrupt kernel memory, possibly leading to arbitrary code execution, via UDP traffic that triggers an unsafe second checksum calculation during the execution of a recv system call with the MSG_PEEK flag.
Upstream patch:
https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191
References:
http://source.android.com/security/bulletin/2017-04-01.html
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1440624]
---
This fix was committed upstream in the 4.5 kernel merge window (Dec 2015). It has never impacted any of the currently supported versions of Fedora.
---
State
arXiv
Trusted Container Extensions for Container-based Confidential Computing
arxiv_fulltext·2022-05-11
Trusted Container Extensions for Container-based Confidential Computing
Trusted Container Extensions for Container-based Confidential Computing
draft
[1]
plain
Anonymous
[1]
camera
Ferdinand Brasser, Patrick Jauernig, Frederik Pustelnik,
Ahmad-Reza Sadeghi, Emmanuel Stapf
Technical University of Darmstadt, Germany
\ferdinand.brasser, patrick.jauernig, emmanuel.stapf\@sanctuary.dev
\ahmad.sadeghi\@trust.tu-darmstadt.de
## Abstract
Cloud computing has emerged as a corner stone of today's computing landscape. More and more customers who outsource their infrastructure benefit from the manageability, scalability and cost saving that come with cloud computing. Those benefits get amplified by the trend towards microservices. Instead of renting and maintaining full VMs, customers increasingly leverage container technologies, which come with a much more light
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191http://source.android.com/security/bulletin/2017-04-01.htmlhttp://www.securityfocus.com/bid/97397http://www.securitytracker.com/id/1038201https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191https://security.paloaltonetworks.com/CVE-2016-10229http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191http://source.android.com/security/bulletin/2017-04-01.htmlhttp://www.securityfocus.com/bid/97397http://www.securitytracker.com/id/1038201https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191https://security.netapp.com/advisory/ntap-20250103-0008/https://security.paloaltonetworks.com/CVE-2016-10229
2017-04-04
Published